Slashdot Mirror
NoScript Awarded $10,000
An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: "NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment."
The fact that this ever had to be an *add-on* is just shameful. The fact that IE and Safari still don't have it (or something very similar) is close to criminal. Okay, Chrome has NotScripts, but that apparently requires some weird hacking to use securely.
And, no, the non-default ability to turn *all* scripts on or off isn't even close to the same thing. As the great Jules would say--it's not the same ballpark, not the same league, not even the same sport.
SJW: Someone who has run out of real oppression, and has to fake it.
For safari: Glimmer blocker is both an ad blocker and can deny and or rewrite scripts on the fly.
Yes, two fucking years ago the guy made a poor decision in the heat of the moment which he later apologized for. We should definitely crucify him for it forever.
That's too bad, because it's awesome. I haven't found anything else that comes close to how flexible and easy to use it is.
As far as trust goes - I trust the developer of NoScript over the entirety of the javascript code injected by advertising and tracking agencies out there.
By the way - did you read the NoScript developer's mea culpa?
My Other Computer Is A Data General Nova III.
Even though the author recognized his mistake, backed out the changes, and apologized profusely in a very public manner you still don't trust him? Harsh man, harsh.
http://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/
I'd rather not blacklist somebody over a single incident. However, if you happen to know of other instances where he did something sketchy, please let us know.
It certainly was a while ago and he did apologize (after the backlash), and I agree that we shouldn't hold it against him forever. Still, I tend to be wary of NoScript these days because of it. I'm not sure I would trust someone who abused his position like that with a $10k grant is all. Maybe I'm being unreasonable, but I don't think it's a big leap to think that someone who abused their position for monetary gain once might do so again. And it's definitely something that I think people who use NoScript should know about, old or not.
JavaScript [...] is extremely helpful for making useful, clean, modern websites.
I'll see your "useful, clean, modern" and raise you "glacial, bloated, bug-ridden".
Both JS and non-JS sites can be written well or poorly, and I'm not averse to a little javascript where it demonstrably improves the user experience, such as auto-focus into form fields for example. However, the problem is that some designers/developers just don't know when to stop, and seemingly only test their results on a gigabit LAN with a browser on their quad-core monster. As a consequence they think nothing of pulling in scripts and libraries from half a dozen sources and then proceed to use only one tenth of that code in the page. Frequently I see JS code where the whole way through it keeps testing over and over again for specific user agents so that it can choose which hackish workaround to employ instead of testing once and pulling in a brower-specific library. I have a 10Mbps broadband connection here and some pages take longer to load and render than they did 15 years ago.
Good designers and devs can produce excellent JS-based sites. But the other 99% are just a struggle to use and a good proportion of those are close to unusable.
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
So he has a stupid spat with the guys at AdBlock Plus. So what?
People make stupid mistakes every once in a while. He apologized, and hasn't done anything dumb since. In the meantime, NoScript has continued to be a valuable tool that I add to every Firefox installation I use (well, all once he adds support for Firefox Mobile.)
I've tried to use it four or five times through the years, and I always end up removing it almost immediately. I find the UI to be confusing (and just plain bad) to the point of uselessness
What, exactly, is confusing about clicking one time on a menu item that reads "Allow slashdot.org" (for example)?
The only time I find there to be a problem is when a domain loads scripts from 5-10 other domains. That does make it difficult to figure out which scripts are required to make the site functional, but that's not a problem with NoScript...that's a problem with the site. And, it's exactly this "code from random sites" that makes NoScript important for browser security.
There are plenty of vulnerabilities found that do not need scripts, lets not make NoScript out to be more than what it is.
I'm sorry, I've got to call BS. That's like saying "There are plenty of illnesses out there that aren't virus-based or bacterial, so let's not make washing our hands out to be more important than it is."
Fact is, NoScript is an invaluable resource, with a clear, easy-to-use interface, and even the less-than-tech-savvy user can use it to vastly reduce their chance of 'catching' something. Yes, it does not provide perfect protection from everything, but I'm afraid the only way you can achieve that is to pull the plug on teh interwebs and live in your own virtual 'bubble'.
I for one applaud this award as well-deserved. Good on them!
"I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
Javascript itself isn't the problem so much as the tendency to need to allow javascript from 20 or 30 sites just to view a page in its entirety. Typically they don't tell you what sites they genuinely use so if you don't recognize the domain name then you don't have any way of knowing if it's intended to be executed by the web devs.
Government. Is there anything it can do that does not hurt the economy? If it can, I haven't found one example yet so far.
+5 ironic for writing that on the internet.
When information is power, privacy is freedom.
This morning I was awoken by my alarm clock powered by electricity generated by the public power monopoly regulated by the US Department of Energy. I then took a shower in the clean water provided by the municipal water utility. After that, I turned on the TV to one of the FCC regulated channels to see what the National Weather Service of the National Oceanographic and Atmospheric Administration determined the weather was going to be like using satellites designed, built, and launched by the National Aeronautics and Space Administration. I watched this while eating my breakfast of US Department of Agriculture inspected food and taking the drugs which have been determined as safe by the Food and Drug Administration. At the appropriate time as regulated by the US Congress and kept accurate by the National Institute of Standards and Technology and the US Naval Observatory, I get into my National Highway Traffic Safety Administration approved automobile and set out to work on the roads built by the local, state, and federal Departments of Transportation, possibly stopping to purchase additional fuel of a quality level determined by the Environmental Protection Agency, using legal tender issued by the Federal Reserve Bank. On the way out the door I deposit any mail I have to be sent out via the US Postal Service and drop the kids off at the public school. Then, after spending another day not being maimed or killed at work thanks to the workplace regulations imposed by the Department of Labor and the Occupational Safety and Health Administration, I drive back to my house which has not burned down in my absence because of the state and local building codes and the fire marshal's inspection, and which has not been plundered of all its valuables thanks to the local police department. I then log onto the Internet which was developed by the Defense Advanced Research Projects Administration and post on Slashdot how the government can't do anything right.
"But this one goes to 11!"